What is a DPIA?

The ICO defines a Data Protection Impact Assessment, or DPIA, as a way to ‘help organisations to identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy.’ The ICO only specifies that you should conduct a DPIA when you are using a new technology, or when you are processing data in a way which could post a real risk to the rights of freedoms of the individuals.

In a perfect world, everyone would be free from religious persecution and faith would not need to be a protected characteristic. In reality, if you are a large church with international locations, you may well need to take this into consideration.

The ICO has provided comprehensive advice on carrying out a DPIA on their website.

Even if you are a small church, or are based in a European country where individuals are free to express their Christianity, you will still need to be careful, as your data will by default contain information about individuals’ religious beliefs. It is best practice to use the advent of GDPR as an opportunity to review your Data Protection policies and practices.

GDPR Advice from iKnow ChurchPart of the UK’s leading Christian Software Company